RE: https://mastodon.social/@7ASecurity/116521920390604616

💪 “urllib3's supply chain posture was described as exceptionally strong, with advanced compliance across SLSA Source, Build, and Provenance requirements. The project maintainers were helpful, responsive, and engaged throughout the audit, ensuring that 7ASecurity had the necessary access and information at all times”

Excellent work @illiav and @quentinpradet!

#security #python #opensource #oss #supplychain #slsa

My cat was sitting on my lap last night, and when I spoke to her, that seemed to trigger my Android phone to tell me it could not use speech recognition.

Earlier, I had disabled an app. That seemed to block Android from listening through the mic. And now Android is complaining. But I see no loss of functionality in my phone. I am wondering if Android has previously been eavesdropping on conversations, until I disabled this app.

http://john1126.com/746

#Android #privacy #security #AI #cats

🟠 CVE-2026-20188 - High (7.5)

A vulnerability in the connection-handling mechanism of Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affec...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20188/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-28780 - Critical (9.8)

Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server.
If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28780/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-20167 - High (7.7)

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a DoS condition on a remotely managed router.

This vulnerability is due to impr...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20167/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-23870 - High (7.5)

A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory exceptions or excessive CPU usage; affecting the following packages: rea...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23870/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-7875 - High (8.8)

NanoClaw contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside the intended outbox directory by supplying crafted...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7875/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-20034 - High (8.8)

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device.

This vulnerability is due to insufficient validation of user-supplied...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20034/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack